Jquis 0 Posted May 28, 2018 Report Share Posted May 28, 2018 I have a windows server 2012 that has all the files encrypted by the wtf randsomware and I am looking for a Decryptor. i also neeed a protection solution which emsisoft product can can protect this type of server? has anyone been successful at Decrypting these files. Quote Link to post Share on other sites
Jquis 0 Posted May 28, 2018 Author Report Share Posted May 28, 2018 Here is a file it encrypted Invoice - INV_2018_103003.pdf.wtf Quote Link to post Share on other sites
GT500 861 Posted May 28, 2018 Report Share Posted May 28, 2018 16 hours ago, Jquis said: which emsisoft product can can protect this type of server? We sell Emsisoft Anti-Malware licenses for server editions of Windows (Server 2008 R2, Server 2012, and Server 2016 are supported):https://www.emsisoft.com/en/software/antimalwareforserver/ It will offer the protection you are looking for, however you need to make sure that ports for things like RDP are closed in your firewall. No anti-virus is going to be able to protect a system from a remote attacker who has gained access to the local administrator account on a computer via RDP. 16 hours ago, Jquis said: has anyone been successful at Decrypting these files. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them. Quote Link to post Share on other sites
keiffer 0 Posted June 9, 2018 Report Share Posted June 9, 2018 Unfortunately it looks like I got hit by this one last night as well. From everything I have found, this is a Cry36 variant. I can't find any decrypters. Seems like my only option at this point is to wipe the server and start from scratch. This means we will lose thousands of irreplaceable family photos. Has anyone else found a way to decrypt these files? Quote Link to post Share on other sites
Acelooc 0 Posted June 10, 2018 Report Share Posted June 10, 2018 18 hours ago, keiffer said: Unfortunately it looks like I got hit by this one last night as well. From everything I have found, this is a Cry36 variant. I can't find any decrypters. Seems like my only option at this point is to wipe the server and start from scratch. This means we will lose thousands of irreplaceable family photos. Has anyone else found a way to decrypt these files? The best way to do is 1: hide your encrypted files somewhere safe 2: be patient Thats what am i doin now Quote Link to post Share on other sites
GT500 861 Posted June 11, 2018 Report Share Posted June 11, 2018 On 6/10/2018 at 12:08 PM, Acelooc said: The best way to do is 1: hide your encrypted files somewhere safe 2: be patient Thats what am i doin now That's essentially correct. Until law enforcement and/or security analysis companies are able to take over the servers run by the criminals and liberate their database of private keys, it won't be possible to make a free decrypter for this ransomware, so waiting is all we can do for now. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.